Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

AEM 6.4 - Oauth 2 legged authorization

a_mn1
Level 4
Level 4

Hi All, I am trying to implement Oauth authorization in AEM publisher for certain resources.   As per the link https://www.albinsblog.com/2017/07/exposing-resources-through-oauth-aem.html#.XJByjSIzbIW  I undestand AEM supports 3 legged Oauth. I want to try 2 legged(Client credentials) and didnt see any helping documents for the same.

Have someone already tried this. Can you please share some pointers to the same

Regards,

Anand

1 Accepted Solution
a_mn1
Correct answer by
Level 4
Level 4

Hello Gaurav, Confimed by checking  the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.

1. AUTHORIZATION_CODE

2. REFRESH_TOKEN

3. JWT_BEARER

View solution in original post

13 Replies
Gaurav-Behl
Community Advisor
Community Advisor

Per my understanding, the implementation is same as 3-legged except you won't pass token and secret but empty strings. Client Application will need to have its client ID and secret stored in a secure manner

check the flow-

The OAuth Bible

a_mn1
Level 4
Level 4

Thanks Gaurav. I tried to create the token but am getting the below error . I am trying to do POST request using Rest client and  seeing the below error in POSTMAN.

1715234_pastedImage_0.png

Error in error.log -- >

20.03.2019 12:38:38.876 *ERROR* [qtp1411610424-69] org.apache.felix.http.jetty Exception while processing request to /oauth/token (java.lang.IllegalStateException: Committed)

java.lang.IllegalStateException: Committed

at org.eclipse.jetty.server.HttpChannel.resetBuffer(HttpChannel.java:894) [org.apache.felix.http.jetty:4.0.6]

at org.eclipse.jetty.server.HttpOutput.resetBuffer(HttpOutput.java:959) [org.apache.felix.http.jetty:4.0.6]

at org.eclipse.jetty.server.Response.resetBuffer(Response.java:1312) [org.apache.felix.http.jetty:4.0.6]

at javax.servlet.ServletResponseWrapper.resetBuffer(ServletResponseWrapper.java:195) [org.apache.felix.http.servlet-api:1.1.2]

at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:67) [org.apache.felix.http.jetty:4.0.6]

at org.apache.felix.http.base.internal.dispatch.ServletResponseWrapper.sendError(ServletResponseWrapper.java:61) [org.apache.felix.http.jetty:4.0.6]

at com.adobe.granite.oauth.server.impl.OAuth2TokenEndpointServlet.doPost(OAuth2TokenEndpointServlet.java:183) [com.adobe.granite.oauth.server:1.1.26]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:644) [org.apache.felix.http.servlet-api:1.1.2]

at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [org.apache.felix.http.servlet-api:1.1.2]

Gaurav-Behl
Community Advisor
Community Advisor

Probably, you are missing required headers via POSTMAN. Make required config changes to CSRF and Sling Referrer Filter for testing via POSTMAN - allow empty headers for testing. Enable Postman Interceptor and check

Have you tested your setup with usual 3 legged config to rule out any configuration related issues?

Couple of examples --https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/

https://www.practicalaem.com/2016/02/02/using-oauth-authentication-in-aem/

OAuth Server functionality in AEM - Embrace Federation and unleash your REST APIs!

a_mn1
Level 4
Level 4

Yes. I am trying 3 legged only now. Followin the steps here: https://www.albinsblog.com/2017/05/how-to-get-basic-profile-details-of-user-through-oauth.html#.XJHd...

Here the Receive the access token step is failing.  The post request to http://localhost:4502/oauth/token is failing from POSTMAN.

Gaurav-Behl
Community Advisor
Community Advisor

Could you please explain what step are you on based on the flow diagram @ Adobe Experience Manager Help | Developing OAuth Scopes in AEM

Did you pass correct parameters(grant_type, redirect_uri, client_id etc.) in POSTMAN?

a_mn1
Level 4
Level 4

After step 9  , While requesting for Access token , the post request is failing in POSTMAN. However as mentioned in the link that I have pointed out , I was able to generate the access token using curl command. So 3 legged flow is working as expected in AEM. However I tried 2 legged (client_credentials ). But got the below error.

1716932_pastedImage_0.png

Any pointers??  smacdonald2008kautuksahni

Regards,

Anand.

Gaurav-Behl
Community Advisor
Community Advisor

json format example-

curl --request POST \ --url 'https://YOUR_DOMAIN/oauth/token' \ --header 'content-type: application/json' \ --data '{"grant_type":"client_credentials","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","audience": "YOUR_API_IDENTIFIER"}'

I don't see "POST" in your screenshot.

a_mn1
Level 4
Level 4

Hello Gaurav PFB the screen shot

2LEGGEDposT.JPG

a_mn1
Correct answer by
Level 4
Level 4

Hello Gaurav, Confimed by checking  the bundle "OSGi Bundle for Granite OAuth Server" that only 2 grant types are supported by Adobe for token generation.

1. AUTHORIZATION_CODE

2. REFRESH_TOKEN

3. JWT_BEARER

View solution in original post

pretzelpanda
Level 1
Level 1
Hi, just a question we are trying to implement oauth2 using client_credentials, is it already supported?
Gaurav-Behl
Community Advisor
Community Advisor

If that's the case, then you may reach out to DayCare and find out the reason/next steps.

a_mn1
Level 4
Level 4

Sure. Have already raised a ticket with Daycare

tanyakapila
Employee
Employee

Hi Anand,

As discussed, currently AEM do not support the client_credentials flow and internal discussions have triggered for including but there is no short-sighted plan to support it in the near future.

Regards.